Threat-modeling-guided Trust-based Task Offloading for Resource-constrained Internet of Things

Resource-constrained Internet of Things (IoT) devices are executing increasingly sophisticated applications that may require computational or memory intensive tasks to be executed. Due to their resource constraints, IoT devices may be unable to compute these tasks and will offload them to more powerful resource-rich edge nodes. However, as edge nodes may not necessarily behave as expected, an IoT device needs to be able to select which edge node should execute its tasks. This selection problem can be addressed by using a measure of behavioural trust of the edge nodes delivering a correct response, based on historical information about past interactions with edge nodes that are stored in memory. However, due to their constrained memory capacity, IoT devices will only be able to store a limited amount of trust information, thereby requiring an eviction strategy when its memory is full of which there has been limited investigation in the literature. To address this, we develop the concept of the memory profile of an agent and that profile’s utility. We formalise the profile eviction problem in a unified profile memory model and show it is NP-complete. To circumvent the inherent complexity, we study the performance of eviction algorithms in a partitioned profile memory model using our utility metric. Our results show that localised eviction strategies which only consider one specific type of information do not perform well. Thus we propose a novel eviction strategy that globally considers all types of trust information stored and we show that it outperforms local eviction strategies for the majority of memory sizes and agent behaviours. In this paper, we develop a concept of information utility to a trust model and formalise the problem of information eviction, which we prove to be NP-complete. We then investigate the usefulness of different eviction strategies to maximise the utility of information stored to enable trust-based task offloading.

Modified genetic algorithm and fine-tuned long short-term memory network for intrusion detection in the internet of things networks with edge capabilities

Internet of Things (IoT) networks' wide range and heterogeneity make them prone to cyberattacks. Most IoT devices have limited resource capabilities (e.g., memory capacity, processing power, and energy consumption) to function as conventional intrusion detection systems (IDSs). Researchers have applied many approaches to lightweight IDSs, including energy-based IDSs, machine learning/deep learning (ML/DL)-based IDSs, and federated learning (FL)-based IDSs. FL has become a promising solution for IDSs in IoT networks because it reduces the overhead in the learning process by engaging IoT devices during the training process. Three FL architectures are used to tackle the IDSs in IoT networks, including centralized (client-server), decentralized (device-to-device), and semi-decentralized. However, none of them has solved the heterogeneity of IoT devices while considering lightweight-ness and performance at the same time. Therefore, we propose a semi-decentralized FL-based model for a lightweight IDS to fit the IoT device capabilities. The proposed model is based on clustering the IoT devices-FL clients-and assigning a cluster head to each cluster that acts on behalf of FL clients. Consequently, the number of IoT devices that communicate with the server is reduced, helping to reduce the communication overhead. Moreover, clustering helps in improving the aggregation process as each cluster sends the average model's weights to the server for aggregation in one FL round. The distributed denial-of-service (DDoS) attack is the main concern in our IDS model, since it easily occurs in IoT devices with limited resource capabilities. The proposed model is configured with three deep learning techniques-LSTM, BiLSTM, and WGAN-using the CICIoT2023 dataset. The experimental results show that the BiLSTM achieves better performance and is suitable for resource-constrained IoT devices based on model size. We test the pre-trained semi-decentralized FL-based model on three datasets-BoT-IoT, WUSTL-IIoT-2021, and Edge-IIoTset-and the results show that our model has the highest performance in most classes, particularly for DDoS attacks.

Internet of things (IoT) is all about the exciting era of smart devices exchanging data and information among themselves autonomously using the internet. The IoT devices are ubiquitous in nature and have grown in numbers rapidly. These devices are prone to vulnerabilities that jeopardize the security and privacy of the user. Incorporation of trust has become a critical issue in securing information exchange in IoT devices and networks. Device and network heterogeneity, scalability, context awareness and cost involved are some of the issues to be considered while implementing trust management in IoT networks. This paper presents an exhaustive overview on the need for trust mechanisms and trust management in data aggregation, routing, clustering, authentication and attack detection in IoT networks. It also includes a brief description of trust aware IoT-based applications like smart cities, social IoT, vehicular networks, industrial IoT and healthcare. The research challenges in incorporation of trust in IoT devices and networks have also been presented.

<span lang="EN-US">A plethora of national vital infrastructures connected to internet of things (IoT) networks may trigger serious data security vulnerabilities. To address the issue, intrusion detection systems (IDS) were investigated where the behavior and traffic of IoT networks are monitored to determine whether malicious attacks or not occur through centralized learning on a cloud. Nonetheless, such a method requires IoT devices to transmit their local network traffic data to the cloud, thereby leading to data breaches. This paper proposes a federated learning (FL)-based IDS on IoT networks aiming at improving the intrusion detection accuracy without privacy leakage from the IoT devices. Specifically, an IoT service provider can first motivate IoT devices to participate in the FL process via a contract-based incentive mechanism according to their local data. Then, the FL process is executed to predict IoT network traffic types without sending IoT devices’ local data to the cloud. Here, each IoT device performs the learning process locally and only sends the trained model to the cloud for the model update. The proposed FL-based system achieves a higher utility (up to 44%) than that of a non-contract-based incentive mechanism and a higher prediction accuracy (up to 3%) than that of the local learning method using a real-world IoT network traffic dataset.</span>

Unmanned Aerial Vehicle (UAV) is a promising technology that can serve as aerial base stations to assist Internet of Things (IoT) networks, solving various problems such as extending network coverage, enhancing network performance, transferring energy to IoT devices (IoTDs), and perform computationally-intensive tasks of IoTDs. Heterogeneous IoTDs connected to IoT networks have limited processing capability, so they cannot perform resource-intensive activities for extended periods. Additionally, IoT network is vulnerable to security threats and natural calamities, limiting the execution of real-time applications. Although there have been many attempts to solve resource scarcity through computational offloading with Energy Harvesting (EH), the emergency and vulnerability issues have still been under-explored so far. This paper proposes a blockchain and multi-agent deep reinforcement learning (MADRL) integrated framework for computation offloading with EH in a multi-UAV-assisted IoT network, where IoTDs obtain computing and energy resources from UAVs. We first formulate the optimization problem as the joint optimization problem of computation offloading and EH problems while considering the optimal resource price. And then, we model the optimization problem as a Stackelberg game to investigate the interaction between IoTDs and UAVs by allowing them to continuously adjust their resource demands and pricing strategies. In particular, the formulated problem can be addressed indirectly by a stochastic game model to minimize computation costs for IoTDs while maximizing the utility of UAVs. The MADRL algorithm solves the defined problem due to its dynamic and large-dimensional properties. Finally, extensive simulation results demonstrate the superiority of our proposed framework compared to the state-of-the-art.

With constantly increasing demand in connected society Internet of Things (IoT) network is frequently becoming congested. IoT sensor devices lose more power while transmitting data through congested IoT networks. Currently, in most scenarios, the distributed IoT devices in use have no effective spectrum based power management, and have no guarantee of a long term battery life while transmitting data through congested IoT networks. This puts user information at risk, which could lead to loss of important information in communication. In this paper, we studied the extra power consumed due to retransmission of IoT data packet and bad communication channel management in a congested IoT network. We propose a spectrum based power management solution that scans channel conditions when needed and utilizes the lowest congested channel for IoT packet routing. It also effectively measured power consumed in idle, connected, paging and synchronization status of a standard IoT device in a congested IoT network. In our proposed solution, a Freescale Freedom Development Board (FREDEVPLA) is used for managing channel related parameters. While supervising the congestion level and coordinating channel allocation at the FREDEVPLA level, our system configures MAC and Physical layer of IoT devices such that it provides the outstanding power utilization based on the operating network in connected mode compared to the basic IoT standard. A model has been set up and tested using freescale launchpads. Test data show that battery life of IoT devices using proposed spectrum based power management increases by at least 30% more than non-spectrum based power management methods embedded within IoT devices itself. Finally, we compared our results with the basic IoT standard, IEEE802.15.4. Furthermore, the proposed system saves lot of memory for IoT devices, improves overall IoT network performance, and above all, decrease the risk of losing data packets in communication. The detail analysis in this paper also opens up multiple avenues for further research in future use of channel scanning by FREDEVPLA board.

Mobile-edge computing (MEC)-enabled Internet of Things (IoT) networks have been deemed a promising paradigm to support massive energy-constrained and computation-limited IoT devices. Energy harvesting (EH) further enhances the operating capabilities of IoT devices that normally only possess very limited energy support. Nevertheless, many studies show that IoT devices using EH can experience uncertainty and unpredictability, which can complicate the EH-based IoT network design. Furthermore, with many new services in 5G and the forthcoming 6G eras, such as autonomous driving and vehicular communications, mobility consideration in IoT networks becomes more and more important. In this article, we study the computing offloading and resource allocation problems in an IoT network that supports both mobility and EH. The long-term average sum service cost of all the mobile IoT devices (MIDs) is minimized by optimizing the harvested energy, task-partition factors, the central process unit frequencies, the transmit power, and the association vector of MIDs. An online mobility-aware offloading and resource allocation (OMORA) algorithm is proposed based on the Lyapunov optimization and semidefinite programming (SDP). This online algorithm optimizes the offloading scheme without the need to have prior knowledge of the user mobility, EH model, and channel condition. Theoretical analysis shows that the proposed OMORA algorithm can achieve asymptotic optimality. Simulation results demonstrate that the proposed algorithm can effectively balance the system service cost and energy queue length, and outperform other offloading benchmark algorithms on the system service cost and packet losses.

The vast expansion of the Internet of Things (IoT) devices and related applications has bridged the gap between the physical and digital world. Unfortunately, security remains a major challenge and the lack of secure links have fueled the increased attacks on IoT devices and networks. Due to its inherent scalability, Public Key Infrastructure (PKI) is the well-known and classic approach to bring public-key certificate based security to IoT. Even though the standard X.509 explicit certificates can be viable solution, they are inefficient and too large for resource constrained IoT networks and therefore, smaller, faster and more efficient Elliptic Curve Qu Vanstone (ECQV) implicit certificates can be employed for establishing authenticated connections in IoT. Moreover, the existing certificate-based authentication proposals in standardized IoT networks have either been deployed at the transport or physical layers. Thus, these proposals fail to provide true end-to-end security to messages at the application layer in the presence of intermediate CoAP proxies. This challenging aspect is addressed in this proposal by focusing on the certificate-based authentication at the application layer to ensure true end-to-end security of messages. Additionally, IoT application layer security protocols like EDHOC lacks mechanism for authenticated distribution of public keys and thus, there is a need for lightweight authentication based cryptographic primitive for establishing secure key agreement in IoT. This paper introduces a design and implementation of a lightweight ECQV implicit certificate and use them for authenticated key exchange in EDHOC at the application layer. We also design a lightweight profile with a novel encoding mechanism for ECQV implicit certificate, called L-ECQV. To prove its viability, L-ECQV has been implemented and evaluated on Contiki operating system. Our evaluation results show that the proposed L-ECQV certificate approach reduces energy consumption by 27%, message overhead of EDHOC handshake by 52%, and shows improvements in certificate validation time. The security analysis demonstrates that proposed L-ECQV certificates for EDHOC protocol is secure against a number of attack vectors present in the IoT network. This novel combination of ECQV certificates with EDHOC key exchange leads to a secure and lightweight authenticated key agreement in IoT networks.

Recent research has focused on applying blockchain technology to solve security-related problems in Internet of Things (IoT) networks. However, implementing blockchain technology directly on IoT networks is prone to high overheads and energy-expensive operations. Therefore, in this paper, we use edge computing technology to avoid these problems. We also propose a novel Trust-based Access Control Mechanism for Edge-IoT Networks using Blockchain technology (named TABI) to implement end-to-end security in resource-constrained IoT networks. The TABI mechanism utilizes both access control and trust evaluation mechanisms to mitigate the impact of malicious IoT users and devices. Additionally, it incorporates permissioned Hyperledger blockchain technology to provide an added layer of security through authentication. The trust evaluation mechanism is implemented as a trust calculation contract (TCC) on the edge devices using Hyperledger Composer. The access control mechanism employs an Attribute-based Access Control (ABAC) mechanism, which is implemented on the Hyperledger blockchain using two smart contracts: the attribute contract (AC) and the access control contract (ACC). We implement a proof-of-concept (PoC) implementation using Hyperledger Caliper (a benchmark testing tool) and Docker images. Our evaluation includes five analyses: Trust Evaluation Mechanism, Access Control Mechanism, Security, Blockchain, and IoT Applications. Through this evaluation, we highlight the effectiveness of TABI in terms of throughput, latency, detection of malicious IoT devices, and resource consumption of the IoT devices. Our analyses demonstrate that TABI is particularly useful in IoT applications that require low latency and resource efficiency.

Lyapunov-guided Deep Reinforcement Learning for service caching and task offloading in Mobile Edge Computing

With the development of Internet of Things (IoT) networks and Mobile Edge Computing (MEC), many computing-intensive applications have been developed in large quantities. Due to the heterogeneity of tasks, different application services are required to perform each task. Caching application services and related data in edge servers is challenging. Hence, we study the service cache placement and task offloading problem in IoT networks. Since IoT devices and edge servers with limited storage resources can only cache a few services at the same time, we formulate the service cache placement and task offloading of IoT devices problem to minimize task service delay with long-term energy constraint of IoT devices, which is a mixed integer nonlinear programming problem. To solve this problem, an online Deep Reinforcement Learning guided by the Lyapunov optimization framework algorithm (LYADRL) is proposed. We first build a virtual queue model to decouple the problem by Lyapunov optimization technique to transform the problem into a single time slot optimization problem. Then, we use Deep Reinforcement Learning techniques to find the optimal edge service caching and task offloading policies for each time slot. Simulation results show that our algorithm can reduce the service delay compared with other benchmark algorithms.

Edge computing has been introduced to support the real-time applications that require quick responses in the Internet of Things (IoT) network. The traditional cloud-based network management cannot serve the real-time applications due to the increased latency. In edge computing, several edge nodes will be deployed at the edge of the network. Thus, the applications will be able to get the resource support from the nearest location. Based on the execution strategy, the edge-based computation can be categorized into fog computing, mobile edge computing, and mobile cloud computing. Edge computing can be integrated to the wide range of IoT-enabled environments, which include smart city, health care, vehicular network, industrial environments, etc. Most of the applications in these smart environments handle sensitive data. The deployment of lightweight IoT devices and the edge nodes increased the security threats in the network. Since each IoT-enabled environment has been established for accomplishing different needs, the security-related challenges will vary in each environment. Application specific intelligent security algorithms need to be integrated within the IoT network for removing security threats. The resource-limited IoT devices cannot execute such complex algorithms. Thus, all such mechanisms will be integrated to the nodes deployed in the edge layer. This chapter discusses the security threats associated with different applications in edge-based IoT networks.

The future Internet of Things (IoT) will have a deep economical, commercial and social impact on our lives. The participating nodes in IoT networks are usually resource-constrained, which makes them luring targets for cyber-attacks. In this regard, extensive efforts have been made to address the security and privacy issues in IoT networks primarily through traditional cryptographic approaches. However, the unique characteristics of IoT nodes render the existing solutions insufficient to encompass the entire security spectrum of the IoT networks. This is, at least in part, because of the resource constraints, heterogeneity, massive real-time data generated by the IoT devices, and the extensively dynamic behavior of the networks. Therefore, Machine Learning (ML) and Deep Learning (DL) techniques, which are able to provide embedded intelligence in the IoT devices and networks, are leveraged to cope with different security problems. In this paper, we systematically review the security requirements, attack vectors, and the current security solutions for the IoT networks. We then shed light on the gaps in these security solutions that call for ML and DL approaches. We also discuss in detail the existing ML and DL solutions for addressing different security problems in IoT networks. At last, based on the detailed investigation of the existing solutions in the literature, we discuss the future research directions for ML and DL-based IoT security.

The subject of research is the analysis and definition of the information model of devices, the choice of technologies and protocols for data collection and analysis, routing protocols for the Internet of Things (IoT) networks. The purpose of the article is to create an information model of IoT devices, to define technologies and protocols for data transmission and processing and routing in Internet of Things systems. Building an information model of an IoT device includes identifying data sources and their formats, creating a model and data structure, and analyzing them using tools such as: Eclipse Vorto ThingBoard, Ubodots IoT, Node-Red-UI, freeboard.io . An example of a description of a model of microclimate control devices using the Eclipse Vorto toolkit is given. Two main data processing technologies from IoT devices are considered: IBM Watson IoT, Cisco IWF with examples of their application. Radio frequency, infrared, optical and galvanic technologies for interaction between data collection and data transmission devices in IoT networks with examples of their use are discussed. The areas of application of three main IoT network protocols are considered: MQTT (large corporate networks), CoAP (limited networks on the Internet), Bluetooth Low Energy (local networks without the Internet with a small amount of data).Wi-Fi WebSockets, ZigBee, LoRA, Simple RF, XMPP, RFID, NFC can be used as additional protocols for networks. The features of using routing protocols in IoT networks are discussed: RPL (low power consumption), cognitive RPL (for intelligent networks), CARP (for underwater communication networks), E-CARP (for data reuse).